CVE-2025-12375

The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the downloadur...

CVE-2026-27092

Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through = 2.3.0...

CVE-2026-27092 WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through = 2.3.0...

CVE-2026-27092

CVE-2026-27092 describes a Missing Authorization (broken access control) vulnerability in the WordPress WPAdverts plugin, affecting WPAdverts versions up to and including 2.3.0 (some sources list up to 2.2.11). The issue is tied to misconfigured access control on WPAdverts, enabling unauthorized ...

CVE-2026-27092 WordPress WPAdverts plugin <= 2.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through = 2.3.0...

CVE-2025-12375

CVE-2025-12375 refers to a Server-Side Request Forgery in the Printful Integration for WooCommerce plugin for WordPress. The vulnerability exists in all versions up to and including 2.2.11 and is triggered via the advanced size chart REST API endpoint, due to insufficient validation of user-suppl...

PT-2026-20770

Missing Authorization vulnerability in Greg Winiarski WPAdverts wpadverts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPAdverts: from n/a through = 2.2.11...

WordPress WPAdverts plugin <= 2.2.11 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin WPAdverts versions = 2.2.11...

EUVD-2025-205246

Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through = 2.2.11...

CVE-2025-68589

Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through = 2.2.12...

CVE-2025-68589 WordPress WP Telegram Widget and Join Link plugin <= 2.2.12 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Socio WP Telegram Widget and Join Link wptelegram-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Telegram Widget and Join Link: from n/a through = 2.2.12...

PT-2025-53277

Name of the Vulnerable Software and Affected Versions WP Socio WP Telegram Widget and Join Link versions through 2.2.11 Description The WP Telegram Widget and Join Link software contains a flaw related to incorrectly configured access control security levels, potentially allowing unauthorized...

CVE-2025-27274

Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal.This issue affects GPX Viewer: from n/a through = 2.2.11...

CVE-2025-27274

Path Traversal vulnerability in NotFound GPX Viewer allows Path Traversal. This issue affects GPX Viewer: from n/a through 2.2.11...

CVE-2025-27274 WordPress GPX Viewer plugin <= 2.2.11 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal.This issue affects GPX Viewer: from n/a through = 2.2.11...

CVE-2025-27274

CVE-2025-27274: WordPress GPX Viewer (NotFound GPX Viewer) is affected up to version 2.2.11 by a path traversal vulnerability. Root cause is a path traversal flaw in the GPX Viewer component. Remediation: update to GPX Viewer 2.2.11 or later (patched). Exploitation details are not provided in the...

CVE-2025-27274 WordPress GPX Viewer plugin <= 2.2.11 - Path Traversal vulnerability

Path Traversal: '.../...//' vulnerability in axelkeller GPX Viewer gpx-viewer allows Path Traversal.This issue affects GPX Viewer: from n/a through = 2.2.11...

WordPress plugin GPX Viewer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

DEBIAN-CVE-2025-25184

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplied proof-of-concept demonstrates injecting malicious conten...

CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting

The SEUR Oficial plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'changeservice' parameter in all versions up to, and including, 2.2.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...